Crea8Social 1.3 – Persistent Cross-Site Scripting

  • Author: Halil Dalabasmaz
    Date: 2014-11-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35367/
  • # Exploit Title: crea8social 1.3 Stored XSS Vulnerability
    # Date: 24-10-2014
    # Exploit Author: Halil Dalabasmaz
    # Version: v1.3
    # Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270
    # Tested on: Chrome & Iceweasel
    
    # Vulnerability Description:
    
    ===Stored XSS===
    Create a page from the "Pages" (/pages) section. The "Page Website" input is not secure: XSS payloads can be run through the "Page Website" input.
    
    Sample Payload for Stored XSS: http://example.com/">[xssPayload]
    
    =Solution=
    Filter the input field against XSS attacks.
    ================
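
One way to apply the fix described above, as an added example in PHP (not code from the advisory or from the crea8social code base): validate the "Page Website" value before storing it and encode it again on output. The function names `normalize_page_website` and `render_page_website` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not crea8social's own.

/**
 * Validate the "Page Website" value before it is stored.
 * Returns the trimmed URL, or null when the value must be rejected.
 */
function normalize_page_website(string $input): ?string
{
    $url = trim($input);
    if ($url === '' || strlen($url) > 2048) {
        return null;
    }
    // Quotes, angle brackets, whitespace and control bytes do not belong in a
    // raw URL and are what lets a value break out of an HTML attribute.
    if (preg_match('/["\'<>\s\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Allowlist the scheme: only http and https may end up in an href.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Encode on output too, so values stored before the fix stay inert. */
function render_page_website(string $storedUrl): string
{
    $text = htmlspecialchars($storedUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (normalize_page_website($storedUrl) === null) {
        return $text; // invalid or legacy value: plain text, no link
    }
    return '<a href="' . $text . '" rel="nofollow noopener">' . $text . '</a>';
}

// Constructed samples; the second has the shape of the advisory's sample payload.
$samples = [
    'http://example.com/',
    'http://example.com/">[xssPayload]',
    'ftp://example.com/file',
];
foreach ($samples as $s) {
    $verdict = normalize_page_website($s) === null ? 'REJECT' : 'ACCEPT';
    echo $verdict . '  ' . render_page_website($s) . PHP_EOL;
}
```

Input validation alone does not neutralise values already in the database, which is why the render path encodes and re-checks every stored value.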